
Cleanfox user protection policy

1. PREAMBLE
Foxintelligence by NielsenIQ publishes Cleanfox, a free service which makes it easier for you to manage your email accounts by offering you a tool that cleans your mailbox and automatically deletes your newsletters. Foxintelligence is part of Nielsen Consumer LLC (NielsenIQ), based in Chicago, Illinois.

In return for this free service, with your consent, we will extract transactional data from user mailboxes that allows us to produce statistical studies marketed to various economic operators (companies, associations, schools, and universities) to improve their products and services and to refine their knowledge of the markets. We guarantee you in this respect that we do not communicate any data for advertising targeting purposes, profiling or reidentification.

To clean your mailbox, perform statistical analyses and produce our reports, we must carry out some processing of our users' personal data. We therefore act as a data controller, in that we determine the means and purposes of the processing of your data.

As such, we undertake to comply with the provisions of the General Data Protection Regulation (GDPR). GDPR Article 12 requires us to inform you of the characteristics of the processing that we carry out with your data and the rights that you have in relation to it.
2. PURPOSE
The purpose of this Cleanfox Privacy Policy is to fulfill our obligation to be transparent and provide information by making you aware of the information required by the GDPR.
3. RESPECT FOR YOUR PRIVACY
We access your email account for the sole purposes of identifying newsletters so that you can delete them and identifying your transactional emails in order to quantify and extract information about your online transactions. The extracted data obtained enables us to offer market research studies for statistical, research, investment, or educational purposes.

Under no circumstances do we access the contents of your personal communications. With regard to transactional emails, we extract data automatically from them without leveraging human intervention, unless we update our filtering and data extraction tools, in which case only a limited part of our teams may have limited access to these emails.

When we prepare studies and share insights with our clients, we use tools and methods that are designed to ensure that there is no reasonable possibility of identifying you. For example, we will combine data obtained from you with data obtained from other participants in order to produce reports with aggregated data from which you cannot be reasonably identified; or studies based upon modeled data with projections based on demographic and behavioral characteristics that look at a sample group of people and then predict what people with similar characteristics or preferences would want to buy.
4. DATA PROCESSED
The data concerning you that we may process is as follows:

- identity and identification (surname, first name, date of birth, automatically generated ID, referral code associated with each user),
- contact details (email address(es) provided in order to create the Cleanfox account and to be cleaned),
- extracted transactional data concerning your online purchases (information about the item(s) concerned, payment type, delivery address, billing address if different, order number, user's consumption history). When you register for our service, we ask you to provide us with access to your email and retail account(s) to extract this transactional data that allows us to produce reports for our clients that do not identify you as an individual and are used for statistical, research, investment or educational purposes. We will never use your transactional data to advertise, promote, or market third-party goods or services to you. You authorize and consent to this access by agreeing to this Privacy Policy. You may opt out of being among the group of users whose transactional data we use to produce these reports for our clients.
- technical data (identification data, connection data, acceptance data and, where applicable, location data).
- Device data: We may collect standard technical data about your device when you use the Cleanfox Mobile Application (Cleanfox App), including your unique device identifier, device manufacturer and model, operating system name and version, and Media Access Control (MAC) address. We use this data for the purpose of determining and/or improving compatibility between your mobile device and the Cleanfox App as well as system administration.
- Log and usage data: In order to help us improve our service, when you download and use the Cleanfox App, we automatically record and store certain usage data, such as your device’s Internet Protocol (IP) address, browser type and version, and browser language as well as the pages that you visit, the dates and times of your visits, and the information and files that have been downloaded to the Cleanfox App.
- Location-based data: If you give us permission, when you use the Cleanfox App we may receive data about the imprecise geolocation (latitude and longitude) of your mobile device through various means depending on the device you are using, including Global Positioning System (“GPS”), Bluetooth, or Wi-Fi signals/connections. We collect this data in order to know the country you belong to, for audience measurement purposes. We do not store your IP address and do not share it with third parties.
- Cookies and similar technologies: We may use cookies (small data files placed on your device for recordkeeping and other purposes) and similar technologies to enable certain features and functionality and collect additional data that helps us improve the Cleanfox App and better deliver our services to you. Specifically, we may use cookies to identify your browser or device, display information more effectively, provide you with tailored content, and gather statistical data about how you use the Cleanfox App. We may also use cookies and other data collection technologies (e.g., web beacons, pixels, or tags) for security purposes and to detect fraud and other risks in order to protect the Cleanfox App’s users. If you do not wish to have data collected from your device by cookies and/or similar technologies, most browsers and mobile settings allow you to decline the use of cookies. Please note, however, that by doing so, some features of the Cleanfox App may not work properly. To learn more about cookies, including how to see what cookies have been set and how to manage and delete them, please visit http://www.allaboutcookies.org.
United States residents
Your data may be transferred to our parent company (NielsenIQ) in the US. In this case, local laws will prevail.
California Residents
This section explains how we collect, use, and disclose personal data about California residents under the California Consumer Privacy Act (“CCPA”). The table below summarizes the categories of personal data that we may collect or obtain from or about you together with the source(s) of the information. Note that the categories and sources in the table represent the categories and sources of personal information that we have collected within the last twelve (12) months.
| Category | Examples | Source |
| --- | --- | --- |
| Identifiers | First and last name, alias, home postal address, online identifiers (such as a cookie ID or mobile device ID), internet protocol (or IP) address, email address, account name to log in to our Website. As a quality control measure and to maintain the integrity of our digital research, we use a digital fingerprinting technology, also known as "machine identification" technology, to gather certain information about the device you use to participate in our research. This information is sent to a trusted third-party service provider that converts it into a unique serial number for your computer – the digital fingerprint – through the use of a proprietary algorithm and determines if it matches any previous digital fingerprint. | Directly from you (or another member of your household); indirectly from you, such as when you use and/or interact with our Website and/or our App; data provider; our clients |
| Identifiers Demographic Information (including Protected Classification information) | Information about your unique demographic profile, including your age, state of residence, marital status or sex (such as gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions). Please note, these categories of information are dependent on the type of research in which you are invited to participate. | Directly from you; data provider |
| Commercial Information | Records or information about products or services that you have purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. This includes “behavior information,” such as when, why, or how you do things, such as how frequently you shop for groceries or use your computer, TV, or the Internet. It also includes “preference information,” which refers to the choices you make, such as which breakfast cereals you buy, which stations you listen to or watch, or the websites that you visit. | Directly from you; data provider |
| Internet or Other Similar Network Activity Information | When you use and/or interact with our Website and/or our App, we collect certain information, including: (i) standard technical information from and about your device (e.g., your device ID, device manufacturer and model, operating system, and version, IP address); and (ii) log and usage information (e.g., our webpages that you visit, the dates and timestamps associated with your visits and certain transactions). For more information, please see the “Cookies and Similar Technologies” section below. | Indirectly from you (i.e., passively when you visit and/or interact with our Website and/or our App) |
| Sensory Information | This refers to audio, electronic, visual, or similar information. This information is dependent on the survey in which you are asked to participate. Not all surveys will require this information. | Directly from you (video and sound recordings) |
| Professional / Employment Information | This refers to information, such as your job title, industry, and income range. | Directly from you; data provider |
| Extracted Information | Data collected via access to your email account(s) and retail account(s), including subscriptions, commercial transactions, registration confirmations, and the promotions that you receive by email | Directly from you; passively when you authorize us to collect these types of information |
| Other Personal Information | This refers to any physical characteristics or descriptions, such as your height and weight. This is dependent on the survey in which you are asked to participate. This also refers to any information that you provide to us, enable us to collect, or voluntarily post or upload to our Website or our App (e.g., comments and requests). | Directly from you (video and sound recordings, photographs) |
Special (Sensitive) Personal Data:
The extracted personal data may include data for which certain jurisdictions require higher protection. This data is referred to as Special Category Personal Data and may include personal data revealing racial or ethnic origin, data concerning health, or data concerning your sex life or sexual orientation. Like other data we collect, we will only extract Special Category Personal Data contained in transactional data (such as electronic receipts) from user mailboxes for the purpose of producing statistical studies marketed to various economic operators (companies, associations, schools, and universities) to improve their products and services and to refine their knowledge of the markets. We do not communicate Special Category Personal Data for advertising targeting purposes, profiling or reidentification. By downloading the Cleanfox App and participating in Cleanfox, you explicitly consent to us processing this Special Category Personal Data.
5. ORIGIN OF DATA
We collect your data from:

- data that you provide to us directly when you create your Cleanfox account,
- data generated automatically from our services in order to identify you and make your access to Cleanfox secure (application password, user ID)
- enriched data generated from our services by means of machine learning, data science and crawling tools in order to obtain additional information about your buyer profile (gender, town) and transactions carried out. Not all enriched data is personal, as not all of it can identify you or make you identifiable.
6. LEGAL BASIS
If you are based in the European Union (“EU”)/European Economic Area (“EEA”)/United Kingdom (UK), we will process your personal data for the purposes outlined in this Privacy Policy based on one or more of the legal bases listed below.

- Consent: We collect and use your personal information with your consent. We will rely on your consent as a legal basis in relation to processing extracted transactional data.

- Necessary for the performance of a contract to which the user is a party: In this case, as necessary to provide you with the Cleanfox service to allow you to manage your email accounts by offering you a tool that cleans your mailbox and automatically deletes your newsletters.

- Legitimate interests: We rely on our legitimate interests, provided that such interests shall not be overridden by your interests, fundamental rights, or freedoms. In particular, we may process your personal data in reliance on a legitimate interest in: (i) communicating relevant information to you; (ii) managing, maintaining, and operating our IT and security systems; (iii) adequately protecting, defending, and safeguarding our networks; (iv) managing and enhancing protection against fraud, spam, harassment, intellectual property infringement, and risks to which we are exposed (e.g., crime and security risks); (v) complying with laws and regulations to which we are subject, including, where applicable, laws and regulations of countries other than your country of residence; and (vi) meeting our obligations and enforcing our legal rights.

- Compliance with legal obligations: We may process your personal data if necessary for us to comply with a legal obligation arising under applicable law to which we are subject.

If you have any questions or concerns about the legal basis upon which we collect and use your personal data, please email us at support@cleanfox.io.
7. PURPOSES
We process your personal data for the following purposes:

- managing your registration with Cleanfox,
- providing the cleaning service for your email accounts and ecommerce transaction measurement,
- managing the relationship and interactions with you,
- dealing with requests to add or delete an email account associated with Cleanfox,
- dealing with your requests to delete your Cleanfox account,
- improving our services and audience measurements and, where applicable, satisfaction surveys,
- producing statistical reports marketed to various economic operators for statistical, research, education and investment purposes. We access information from transaction-related email account(s) and retail account(s) to develop and prepare statistical reports with the assistance of, and in combination with, data that is available to our parent company, our affiliate companies, and other trusted business partners. We undertake a process that is designed to obfuscate or replace directly identifiable information with a unique identifier. We may further combine or aggregate this extracted information with other information available to us or our trusted business partners; once the information is processed, we use this extracted information as part of our statistical reports.

The statistical reports that we prepare are for purposes such as:
- understanding industry and business trends;
- improving the goods, services or offers provided to customers;
- improving business operations;
- understanding the competitive landscape;
- understanding where to make investments; or
- gaining other business insights.
8. RECIPIENTS
The GDPR defines data recipients as individuals or corporations to whom/which personal data is communicated, regardless of whether they are a data controller or processor.

In this regard, recipients of your data, who have our permission or legal authority to access it, can be internal or external:

- members of our staff who are authorised to process your data according to their respective skills.
- our processors (e.g. data host), or authorised services responsible for auditing (auditors).
- relevant third parties as part of a corporate transaction, such as a reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceeding).
- our parent company, which helps us develop measurement products and datasets;
- our affiliated companies, which enhance our measurement capabilities by combining the information that we collect with other information available to them.
- competent governmental and public authorities, in each case to comply with legal or regulatory obligations or requests or for the purposes of reporting any actual or suspected breach of applicable law.
- other third parties as we believe necessary (e.g., in order to protect the rights, property, operations, health, or safety of you, us, or others) or appropriate for legal purposes (e.g., in connection with claims, disputes, or litigation or in order to enforce our legal rights).
- We may share pseudonymized (de-identified) personal data with our clients in such a manner that the personal data can no longer be attributed to you without the use of additional information, as the information that could identify you is replaced by “pseudonyms” or “identifiers”. The tools and methods we use to pseudonymize your personal data are proven and are designed to ensure that there is no reasonable possibility of identifying you.
9. STORAGE PERIOD
Your data is processed for a limited period which we decide in the light of the legal and contractual restrictions on us and, failing this, according to our needs.

We apply the following storage periods:

- if your account is deleted: immediate deletion of your data.
- if you are inactive without deleting your account: 3 years from the most recent activity in your account or the most recent contact with you.
10. YOUR RIGHTS
You have the following rights with regard to your personal data:

- a right to ask us to confirm that data which concerns you is being processed, to access this data and to request a copy of it (right to access and copy).
- a right to have any data concerning you which is inaccurate or obsolete corrected (right of rectification).
- a right to ask for your data to be erased when you no longer wish to use Cleanfox (right to erasure).
- a right to receive data concerning you which you have communicated to us in a structured, widely used and machine-readable format (right to portability).
- a right to give instructions in relation to the processing of your data if you die (post-mortem right).

The right to erasure is exercised automatically when you delete your Cleanfox account, as this results in immediate and automatic deletion of your personal data, unless you instruct otherwise.

With regard to the right to data portability, you have a functionality in Cleanfox which enables you to exercise it and recover all of the data that you provided to us when you signed up for Cleanfox.

Lastly, in the “Settings” section of your Cleanfox account, we give you a right to opt out of being among the group of users whose transactional data we use to produce data for statistical, research, investment, or educational purposes for our clients.

The other aforementioned rights must be exercised exclusively by you in writing, either by email to support@cleanfox.io or by mail to the address: Foxintelligence, 1 rue de Metz, 75010 Paris.

If we have any doubts about your identity, we reserve the right to ask you to provide proof of your identity, which will be deleted immediately after your identity has been verified.
11. PROCESSING
The GDPR defines a processor as any individual or corporation who/which processes personal data on a data controller's behalf.

If we decide to enlist any processor of our choice to process your data, we will ensure that the latter honours his/her/its obligations under the GDPR and will undertake to sign a written contract with him/her/it which will require him/her/it to perform obligations with at least the same level of data protection that we fulfil ourselves in relation to data protection. We also reserve the right to carry out an audit of our processors in order to ensure that they are fulfilling their obligations.
12. SECURITY
We take the technical and organizational measures that we deem appropriate to combat unauthorized destruction, loss, alteration or disclosure of personal data in an accidental or unlawful manner.

These measures include:

- managing permissions and restrictions of data access rights,
- using secure identification processes such as the application password to synchronise the user's email account and Cleanfox,
- using tested and proven data pseudonymisation and anonymisation techniques,
- implementing back-up measures,
- implementing encryption measures (private keys),
- implementing traceability measures for each database.

If a processor is used, we undertake to make him/her/it contractually subject to security guarantees through appropriate technical and organisational measures.
13. DATA BREACH
In the event of a data breach, we undertake to report it to the EDPB in the manner stipulated by the GDPR.

If the breach poses a high risk to you, we undertake to warn you about it if you are affected and to give you the necessary information and recommendations.
14. DATA PROTECTION OFFICER
We have appointed a person responsible for data protection, Mr Louis BALLADUR, whom you may contact at the following address for any queries concerning your data: louis@foxintelligence.io.

We have also hired a lawyer, Mr Eric BARBRY, to act as an independent DPO for Foxintelligence by NielsenIQ. He can be contacted at dpo-foxintelligence@racine.eu.
15. CROSS-BORDER FLOWS
Due to the international nature of our business, the disclosures described above may result in the transfer of your personal data to countries or regions with data protection laws that differ from those in your country of residence, and in some instances provide a lesser level of data privacy protection. By providing us with or access to your personal data and/or using the Cleanfox service, you are acknowledging that your personal data may be transferred to countries outside of your country of residence. In cases where your personal data is transferred outside of your country of residence, we will ensure that there are adequate safeguards in place to protect your personal data.

We reserve the right to implement cross-border flows outside the EU for data that we process, and you will be informed of them. In this event, we will ensure that your rights are respected and will sign, if necessary, one or more contract(s) to manage these flows with the receiving country/countries in accordance with the requirements of the applicable regulations.
16. PROCESSING REGISTER
We keep an up-to-date register, which is available to the EDPB, of the processing operations carried out on the data of users of the Cleanfox application.
17. CONTACT DETAILS
For any queries that you may have about the processing of your data, you may contact us at the address support@cleanfox.io.

You may also contact our Data Protection Officer, Mr Eric BARBRY. He can be contacted at dpo-foxintelligence@racine.eu. As permitted by law, you may also contact the EDPB at the following address: Rue Wiertz 60, B-1047 Brussels, by email at edpb@edpb.europa.eu, or on +33 1 5373 22 22.
18. CHANGES
If changes are made to the applicable regulations or if new functionalities in Cleanfox which affect the processing of your data are implemented, we reserve the right to amend this policy. Notice of any new policy will be given before it enters into force.
19. Right to data portability
“The right to portability gives people the ability to retrieve some of their data in an open, machine-readable format. They can store or transmit them easily from one information system to another, for reuse for personal use.” (French National Commission for Informatics and Liberties, CNIL). You can easily download all your personal data stored by Cleanfox by clicking on Protecting your data / Download my data in the Settings section.

Under the General Data Protection Regulation, Cleanfox also allows its users to claim their right to data portability from their online suppliers. The user can consult all the data held by his or her suppliers. If you have claimed the right to portability, we will send you an email once this data is available.

Cleanfox Privacy Notice

Updated: March 2024

This privacy notice informs you how NielsenIQ SAS collects and processes your personal data in connection with the Cleanfox Application.

NielsenIQ belongs to the group of companies listed here and here, which together form the "NIQ Group" ("NIQ").  

Where we refer to personal data below, we mean any information relating to an identified or identifiable living person. Personal data that has been anonymized in such a way that the data subject cannot be identified or can no longer be identified (anonymous data) is no longer considered personal data.  

We may need to amend or update this privacy notice from time to time. Therefore, please read this privacy notice at regular intervals.
1. Controller, data protection officer
For the purposes of this privacy notice, the controller is:

NielsenIQ Global Communications which is located at 185 Broad Street, New York, NY 10004. We can be contacted by email at: support@cleanfox.io  

NielsenIQ has appointed a data protection officer who can be contacted at DPO@gfk.com, mentioning "Cleanfox" in the email subject line.
3. Personal data categories, processing purposes, legal bases of processing and data storage periods or rules
| Personal data categories | Processing purposes | Legal basis of the processing | Storage periods or rules |
| --- | --- | --- | --- |
| Identification data | (1) To create and manage your account; (2) To personalize your service and user experience. | (1) Necessary for the performance of a contract (Art. 6(1)(b) GDPR). (2) Your consent (Art. 6(1)(a) GDPR). | Stored until you delete your account or request the deletion of your data, subject to compliance requirements. |
| Email account data | To service your email account; To communicate with you about the service | Necessary for the performance of a contract (Art. 6(1)(b) GDPR). | Stored until you delete your account. Email logs may be kept for a longer duration as per applicable law or for compliance purposes. |
| Data about your subscription services, newsletters, and promotions, and which may include or reveal Sensitive Personal Data as explained in section IV | To fulfill the service, including the processing of your unsubscribe requests; To analyze user interactions for improving the service and your user experience. | Necessary for the performance of a contract (Art. 6(1)(b) GDPR). | Anonymized data may be stored indefinitely; personal data stored elsewhere is removed upon conclusion of the purpose for which it is necessary, or within a timely period following account deletion. |
| Shopping transaction data, including item(s) purchased, price, payment type, delivery address, billing address, order number and order history, and which may include or reveal Sensitive Personal Data as explained in section IV | To produce anonymized or pseudonymized reports, including those relating to marketing, retail sales measurement and analysis, product advertising and marketing strategies and tools, consumer preferences and demands, product innovation and development, customers' purchasing decisions, histories and behaviors, competitor and market analysis and supply chain management | Your consent (Art. 6(1)(a) GDPR) | Anonymized data may be stored indefinitely; personal data stored elsewhere is removed upon conclusion of the purpose for which it is necessary, or within a timely period following account deletion or withdrawal of your consent. As long as you are a member of the Panel, we process your transactional data from 2017 for statistical purposes and we keep on processing it until you opt out of the panel, delete your account or ask us to stop processing it. |
| Technical data: identification data, connection data, acceptance data and, where applicable, location data, unique device identifier, device manufacturer and model, operating system name and version, and Media Access Control (MAC) address | To ensure compatibility and improve service functionality; System administration. | Necessary for the performance of a contract (Art. 6(1)(b) GDPR); Legitimate interests (Art. 6(1)(f) GDPR) in improving service security and functionality | Stored for the duration necessary for the purposes for which it was collected, usually not exceeding your account life plus a period for system analysis and improvement. |
| Log and usage data (for example, IP address, MAC address, IMEI number, Mobile Advertising ID, etc.) | (1) System security measures. (2) To personalize your service and user experience. | (1) Legitimate interests (Art. 6(1)(f) GDPR) in monitoring and improving service functionality and security. (2) Your consent (Art. 6(1)(a) GDPR). | Logs are stored for a short period necessary for troubleshooting and security, not exceeding 6 months to 1 year, then anonymized or deleted. |
| Location-based data (for example, we may receive data about the imprecise geolocation (latitude and longitude) of your mobile device through various means depending on the device you are using, including Global Positioning System (“GPS”), Bluetooth, or Wi-Fi signals/connections) | To personalize the service, for example to adapt the language according to the user's location. | User consent (Art. 6(1)(a) GDPR); Legitimate interests (Art. 6(1)(f) GDPR) in understanding the geographical distribution of users for service improvement. | Stored for the duration necessary to provide personalized services or for audience measurements, then anonymized and/or deleted. |
4. Sensitive Personal Data
The categories of personal data we process, as outlined in sec. III, may in certain instances include or reveal "sensitive personal data." Sensitive personal data is a subset of personal data under data protection laws, including the GDPR. It includes any information that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation. Our processing of sensitive personal data requires us to obtain your explicit consent or another legal basis as permitted under the GDPR.
| Category | Examples | Source |
|---|---|---|
| Identifiers | First and last name, alias, home postal address, online identifiers (such as a cookie ID or mobile device ID), internet protocol (or IP) address, email address, account name to log in to our Website. As a quality control measure and to maintain the integrity of our digital research, we use a digital fingerprinting technology, also known as "machine identification" technology, to gather certain information about the device you use to participate in our research. This information is sent to a trusted third-party service provider that converts it into a unique serial number for your computer – the digital fingerprint – through the use of a proprietary algorithm and determines if it matches any previous digital fingerprint. | Directly from you (or another member of your household); indirectly from you, such as when you use and/or interact with our Website and/or our App; data provider; our clients |
| Identifiers Demographic Information (including Protected Classification information) | Information about your unique demographic profile, including your age, state of residence, marital status or sex (such as gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions). Please note, these categories of information are dependent on the type of research in which you are invited to participate. | Directly from you; data provider |
| Commercial Information | Records or information about products or services that you have purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. This includes “behavior information,” such as when, why, or how you do things, such as how frequently you shop for groceries or use your computer, TV, or the Internet. It also includes “preference information,” which refers to the choices you make, such as which breakfast cereals you buy, which stations you listen to or watch, or the websites that you visit. | Directly from you; data provider |
| Internet or Other Similar Network Activity Information | When you use and/or interact with our Website and/or our App, we collect certain information, including: (i) standard technical information from and about your device (e.g., your device ID, device manufacturer and model, operating system, and version, IP address); and (ii) log and usage information (e.g., our webpages that you visit, the dates and timestamps associated with your visits and certain transactions). For more information, please see the “Cookies and Similar Technologies” section below. | Indirectly from you (i.e., passively when you visit and/or interact with our Website and/or our App) |
| Sensory Information | This refers to audio, electronic, visual, or similar information. This information is dependent on the survey in which you are asked to participate. Not all surveys will require this information. | Directly from you (video and sound recordings) |
| Professional / Employment Information | This refers to information, such as your job title, industry, and income range. | Directly from you; data provider |
| Extracted Information | Data collected via access to your email account(s) and retail account(s), including subscriptions, commercial transactions, registration confirmations, and the promotions that you receive by email | Directly from you; passively when you authorize us to collect these types of information |
| Other Personal Information | This refers to any physical characteristics or descriptions, such as your height and weight. This is dependent on the survey in which you are asked to participate. This also refers to any information that you provide to us, enable us to collect, or voluntarily post or upload to our Website or our App (e.g., comments and requests). | Directly from you (video and sound recordings, photographs) |
5. Recipients
We may share your personal data with other companies in the NIQ Group. Within the NIQ Group, only employees and departments with a “need to know” have access to your personal data and only to the extent necessary. Regarding the transfer of your personal data within the NIQ Group, the companies of the NIQ Group are either independent controllers, joint controllers or processors, depending on the processing activity.  

We may transfer your personal data to recipients, who are usually processors, outside the NIQ Group. These third parties belong to the following categories of recipients:  

- Clients in their capacity as independent controllers may receive non-sensitive personal data (transactional data) in a pseudonymized form that does not enable them to identify a Panelist;
- service providers for the operation of our application and the processing of personal data stored or transmitted by the systems (e.g. hosting or service providers for data centre services, payment processing or IT (Information Technology) security);
- consultants and service providers as independent controllers or joint controllers (for example: insurance companies or accounting service providers);
- persons who are subject to professional secrecy or are obliged to maintain confidentiality, for example lawyers, tax consultants and auditors;
- government agencies/authorities, to the extent deemed necessary to comply with legal obligations;
- persons involved in carrying out our business operations (e.g. auditors, banks, insurance companies, legal advisors, regulatory authorities, parties involved in company acquisitions or the establishment of joint ventures);
- recipients in the course of any reorganisations, mergers, disposals or other transfers of assets. We will then ensure that the recipient of your personal data agrees to handle it in a manner that complies with applicable data protection law and is compatible with the original purposes of the processing. We continue to ensure the confidentiality of your personal data and inform you about the transfer to another controller.  

Where we use third party service providers (including processors), these third parties are subject to contractual obligations (e.g. a data processing agreement). These processors will only process your personal data in accordance with our prior written instructions and must take measures to protect the confidentiality and security of your personal data.
6. Transfers of Data outside the EU/EEA
Due to the international nature of our business, it may be necessary for us to transfer your personal data to other companies within the NIQ Group and to third parties outside the European Union (EU) and/or the European Economic Area (EEA) (“Third Countries”). For this reason, we may transfer your personal data to Third Countries that have different laws and data protection compliance requirements than the country in which you are located. The third countries concerned, for example, the United States of America, may not have the level of data protection that you enjoy under the GDPR. This can mean disadvantages such as an impeded enforcement of data subjects’ rights, a lack of control over further processing and access by state authorities. You may only have limited legal remedies against this.

Within the NIQ Group, we have concluded an intra-group data transfer agreement with the relevant transfer mechanisms (standard contractual clauses of the European Commission) to ensure an adequate level of protection for your personal data when it is transferred from the EU/EEA to third countries.

Insofar as we transfer your personal data from the EU/EEA to recipients in third countries that are not covered by an adequacy decision of the EU Commission, we achieve an adequate level of data protection by concluding standard contractual clauses of the European Commission or by means of binding corporate rules of our business partners and supplement these transfer mechanisms with further contractual, technical and organisational measures if necessary. Please contact DPO@gfk.com, mentioning “Cleanfox” in the email subject line, to obtain a copy of transfer mechanisms.
7. Are you obliged to provide your personal data?
In principle, you are not obliged to provide your personal data. However, if you do not provide your personal data, we may only be able to provide you with limited services or not answer your enquiries. If the processing of your personal data is necessary for the fulfilment of a contract between you and us and you do not provide the required information, we may discontinue our contractual services. In this case, we will notify you in advance.
8. Your data subject rights
You have the following rights in relation to your personal data:

- right to access and right to receive a copy of your personal data: Art. 15, GDPR
- right to rectification: Art. 16, GDPR
- right to erasure: Art. 17, GDPR
- right to restriction of processing: Art. 18, GDPR
- right to data portability: Art. 20, GDPR
- right to object: Art. 21, GDPR: You have a general right to object, on grounds relating to your situation, if we process your personal data based on our legitimate interest. This means that you must always give reasons for your objection and the reasons for the objection must not result from the processing situation as such but must be justified in your person. We will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. Further, you have the right to object to the processing of your personal data for direct marketing purposes at any time.
- right to withdraw your consent, Art. 7 (3) GDPR: You can withdraw consent at any time with effect for the future by contacting us using the contact information in section 1.  
- right to lodge a complaint, Art. 77 GDPR: In the event of a (suspected) infringement of applicable data protection laws, you may lodge a complaint with a supervisory authority.  

We do not make decisions based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you (Art. 22 GDPR).

We will comply with your request without undue delay and in any event within one month of receipt of the request. This period may be extended by a further two months if necessary, considering the complexity and number of requests. NIQ will inform you of any such extension, together with the reasons for the delay, within one month of receipt of the request. This does not apply to the right to withdraw consent, which we implement without delay within our statutory obligation.
9. Duration of the processing
We will only process your personal data for as long as is necessary to achieve the above purposes. For details, please see column “data storage periods or rules” in sec. III. Third parties engaged by us will store your personal data on their systems for as long as is necessary in connection with the provision of services to us in accordance with the relevant contract. We will delete or anonymise your personal data as soon as it is no longer required for the purposes described in this privacy notice and if we have no legal basis to further store your personal data.

In addition, the retention period may be extended if we are subject to statutory retention and documentation obligations (for France these are up to ten years). The retention period may also be based on the statutory limitation periods (for France this is up to thirty years, with the regular limitation period being three years). In certain circumstances, we may also need to store your personal data for longer, e.g. in connection with authority or legal proceedings.

Regarding the use and retention period of cookies, please note section 11.
10. Security
We protect your personal data from loss, misuse, disclosure, alteration, unavailability, unauthorised access and destruction and maintain the confidentiality of your personal data. This is also ensured using appropriate technical and organisational measures. We choose our security measures considering the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons and continuously improve them. Technical measures include, for example, the use of encryption (e.g. TLS encryption for personal data in transit), access control to our systems, monitoring of system resources and system messages, ensuring the availability and resilience of systems and services.

Organizational measures include, for example, defining roles and responsibilities, ensuring the correct and secure operation of information processing systems, regular training and awareness-raising of employees, as well as evaluating and assessing the effectiveness of the aforementioned measures.

Access to your personal data is only granted to employees, service providers or NIQ Group companies who require such access for the fulfilment of a business purpose or for the performance of their duties.
11. Cookies and other technologies we use
Our website contains cookies and other technologies (e.g. pixels, scripts) (together “Cookies”). Cookies are used to make our website user-friendly, effective and secure. Cookies are, for example, small text files that are stored on your terminal device and contain personal data such as personal settings and login information.  

We use the following categories of Cookies:  
- Performance Cookies: These Cookies allow us to track visits and website usage so that we can measure and improve the performance of our website. They help us understand which pages are the most or least popular, or to record error messages on the website. All analysis based on this information is aggregated.
- Functional Cookies: These Cookies allow us to improve the functionality and personalization of the website. They ensure that your website preferences (e.g., settings or filters) are maintained and help us to include third-party services on the website. Any analysis performed based on this information is aggregated.
- Advertising Cookies: These Cookies help us to better analyze the impact of our website and your interests, e.g. to show you personalized advertising or put other content on our or other websites. These may be displayed on our website or on third-party websites. In particular, the Cookie collects information about your browsing activities to understand which topics are relevant to you.
- Strictly Necessary Cookies: These Cookies are necessary for the functioning and management of the website and cannot be disabled in our systems. They are usually set based on your input, such as when you set your Cookie preferences, log in, or fill out forms. You can set your browser to block these cookies, but then some parts of the website will not work.

We use first- and third-party Cookies. First party Cookies come from our platform and send information only to us; third party Cookies are placed on our website by third parties and send information about your device to other companies that recognise the Cookie. We use session Cookies, which are only stored for individual online sessions and are deleted when you close your browser; and persistent Cookies, which are deleted when they reach their expiry date or are deleted by the user. 

We place Strictly Necessary Cookies to provide you with a telemedia service or other equivalent information society service expressly requested by you. The subsequent processing of Strictly Necessary Cookies is based on our legitimate interest to provide you with a technically optimized, user-friendly and appropriate website or your consent (as applicable). We use other Cookies only with your consent. Where we rely on consent, you can withdraw your consent at any time with effect for the future, e.g. by managing your Cookie settings on our site.

A list of Cookies used by our website can be found in the following:
| Cookie Category | Cookie name | First / third party | Cookie domain | Cookie Lifetime | Purposes |
|---|---|---|---|---|---|
| Strictly Necessary | Language | First Party | Cleanfox.io (api web storage) | 13 months | Interface language preference. |
| Strictly Necessary | Session Preference | First Party | Cleanfox.io (api web storage) | 13 months | Local backup of the user's choices for using the service |
| Strictly Necessary | Token | First Party | Cleanfox.io (api web storage) | 30 days | Temporary 30-day authentication ID to prevent reconnection. |
| Strictly Necessary | Google Analytics | First Party | Cleanfox.io (api web storage) | 13 months | Measure the performance of the site to improve it and make sure the user can connect |
| Strictly Necessary | Google Tag Manager | First Party | Cleanfox.io (api web storage) | 13 months | Measure the performance of the site to improve it. |
| Strictly Necessary | Sentry | First Party | Cleanfox.io (api web storage) | 13 months | Detect errors and measure the stability of the site. |
| Strictly Necessary | Huawei Remote Config | First Party | Cleanfox.io (api web storage) | 13 months | Change the behavior and appearance of the application without needing to update it. |
| Strictly Necessary | Huawei Messaging | First Party | Cleanfox.io (api web storage) | 13 months | Receive notifications from Cleanfox when you opt in |
| Strictly Necessary | Huawei Crashlytics | First Party | Cleanfox.io (api web storage) | 13 months | Detect errors and measure the stability of the application. |
| Advertising | Google Tag Manager | First Party | Cleanfox.io (api web storage) | 13 months | Measure the site audience to improve it. |
| Advertising | Google Ads (adwords4) | Third Party | google.com | 13 months | Measure the site audience to improve it. |
| Advertising | Facebook Pixel | Third Party | facebook.com | 13 months | Measure the site audience to improve it. |
| Advertising | Tiktok.com | Third Party | tiktok.com | 13 months | Measure the site audience to improve it. |
| Advertising | Doubleclick.net | Third Party | doubleclick.net | 13 months | Measure the site audience to improve it. |
| Advertising | outbrain.com | Third Party | outbrain.com | 13 months | Measure the site audience to improve it. |
| Advertising | utm | First Party | Cleanfox.io (api web storage) | 13 months | Measure the site audience to improve it. |

We also use the following third party technologies:
Name
Description
Adjust
We use the Adjust SDK to help us understand how users interact with our app. This SDK may set cookies or similar technologies on your device to collect data about your app usage, such as which features you use and how often. This data is used in an anonymized or pseudonymized form and does not directly identify you.

Adjust collects advertising information about you only if you gave your consent.  

Here are some key things to keep in mind about the data collected by the Adjust SDK:
 
Limited data collection: The Adjust SDK focuses on app usage data and does not collect personal information like your name, email address, or phone number.

Anonymization or pseudonymization: The data collected is anonymized or pseudonymized, meaning it cannot be directly linked back to you as an individual.

You can find more information about Adjust's privacy practices on their website: https://www.adjust.com/terms/privacy-policy/

Adjust acts as a data processor within the meaning of article 28 of the GDPR to Fox.

Third country transfer mechanism: EU Standard Contractual Clauses pursuant to Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council.
Amplitude
Our website uses Amplitude Analytics to better understand how you use our website. Personal data, including your IP address, collected by Amplitude Analytics may be transferred to Amplitude servers. The information collected includes the websites you visit, the time of the visit, your behaviour on our website, whether you have been to our website before and from which website you were referred to our website. For more information, please visit https://amplitude.com/privacy. Amplitude acts as a data processor within the meaning of article 28 of the GDPR to Fox. Third country transfer mechanism: EU Standard Contractual Clauses pursuant to Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council.
Firebase
Firebase Remote Config: This tool serves to detect errors and measure the stability of the site.

Firebase Crashlytics: this tool serves to detect errors and measure the stability of the application.

Firebase Messaging: this tool serves to receive notifications from Cleanfox when you opt in. Firebase acts as a data processor within the meaning of article 28 of the GDPR to Fox.

Third country transfer mechanism: EU Standard Contractual Clauses pursuant to Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council.  
Smartlook
This tool provides anonymized video reproduction of actions taken by users to improve the application with their consent only.

Smartlook acts as a data processor within the meaning of article 28 of the GDPR to Fox.

Third country transfer mechanism: EU Standard Contractual Clauses pursuant to Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council.  
Moengage
We use the MoEngage SDK to understand user engagement with our app and deliver personalized experiences with your consent only. This SDK may set cookies or similar technologies on your device to collect data about your app usage, such as which features you interact with and how often. This data helps us improve our app and marketing efforts.

Moengage acts as a data processor within the meaning of article 28 of the GDPR to Fox.

Third country transfer mechanism: Adequacy decision by the European Commission pertaining to U.S. companies having self-certified under the EU/U.S. Data Privacy Framework Program (DPF).  

You can also use our website without Cookies, but you might not be able to use our website to its full extent or to use certain functionalities. You can find more information about Cookies here.
12. Questions, exercising your data protection rights, complaints
If you have any questions or complaints about the collection, use or retention of your personal data, or if you wish to exercise any of your rights in relation to your personal data, you can contact our data protection officer by emailing DPO@gfk.com, mentioning “Cleanfox” in the email subject line.  

We will investigate and attempt to remedy any complaint or dispute regarding the processing of your personal data. You can also lodge a complaint with the competent data protection authority.